Tag: Risk Assessments

Categories
31 Days to More Effective Compliance Programs

Day 14 – Risk Assessments

One cannot say enough about risk assessments in the context of anti-corruption programs. This is because every corporate compliance program should be based upon a risk assessment to understand your organization’s business from the commercial perspective, how your organization has identified, assessed, and defined its risk profile, and, finally, the degree to which the program devotes appropriate scrutiny and resources to this range of risks. Yet the 2020 Update added a new emphasis that Risk Assessments should not be done not less than annually but, in reality, should be done each time your risk change. Over the past couple of years, every company’s risks changed from Work From Home to Return to the Office to Hybrid Work environments. Have you assessed these new paradigms for risks from the compliance perspective?

As far back as 1999, in the Metcalf & Eddy enforcement action, the DOJ has said that risk assessments that measure the likelihood and severity of possible FCPA violations should direct your resources to manage these risks. The 2012 FCPA Guidance succinctly stated, “Assessment of risk is fundamental to developing a strong compliance program and is another factor DOJ and SEC evaluate when assessing a company’s compliance program.
There are a number of ways you can slice and dice your basic inquiry. As with almost all FCPA compliance, your protocol must be well thought out. If you use one, some, or all of the above as your basic inquiries for your risk analysis, it should be acceptable for your starting point. 

Three key takeaways:

  1. Since at least 1999, the DOJ has pointed to risk assessment as the start of an effective compliance program.
  2. The DOJ will now consider your risk assessment methodology for identifying risks and gathering evidence.
  3. You should base your compliance program on your risk assessment.
Categories
Great Women in Compliance

Rebecca Walker on Developing and Using Risk Assessments-A Holistic Approach

Welcome to the Great Women in Compliance Podcast, co-hosted by Lisa Fine and Mary Shirley.

One of the key components of a compliance program is a risk assessment.  However, how to develop the right one for your organization is an art, not a science, as is how to best use the findings and report the results.  In this episode, Rebecca Walker, one of the founders of Kaplan & Walker LLP, takes a deep dive into the subject.

Rebecca has been in the compliance field for over 20 years, and has always been an advocate for a holistic and well-rounded view of compliance.  She speaks regularly on many topics, and here, Lisa and Rebecca talk about various aspects of risk assessments including how to tailor your risk assessment to your organization, or if you know there is a risk, do you need to then do an assessment.  They also touch on the distinction between risk assessments and program assessments.

Rebecca also talks about the beginning of her career in a large law firm, and the challenges of starting her own firm, both in general and as a woman.  She recounts a story about her 1st day that illustrates both the fear and excitement of starting out.

The Great Women in Compliance podcast is excited to look at topics like this one, and we are always open to suggestions for guests.

The Great Women in Compliance Podcast is on the Compliance Podcast Network with a selection of other Compliance related offerings.  If you are enjoying this episode, please rate it on your preferred podcast player to help other likeminded Ethics and Compliance professionals find it.  If you have a moment to leave a review at the same time, Mary and Lisa would be so grateful.

You can also find the GWIC podcast on Corporate Compliance Insights where Lisa and Mary have a landing page with additional information about them and the story of the podcast.  Corporate Compliance Insights is a much-appreciated sponsor and supporter of GWIC, including affiliate organization CCI Press publishing the related book; “Sending the Elevator Back Down, What We’ve Learned from Great Women in Compliance” (CCI Press, 2020). If you enjoyed the book, the GWIC team would be very grateful if you would consider rating it on Goodreads and Amazon and leaving a short review.

You can subscribe to the Great Women in Compliance podcast on any podcast player by searching for it and we welcome new subscribers to our podcast.

Join the Great Women in Compliance community on LinkedIn here.

Categories
31 Days to More Effective Compliance Programs

Day 14 | Risk Assessments


One cannot really say enough about risk assessments in the context of anti-corruption programs. This is because every corporate compliance program should be based upon a risk assessment, to understand your organization’s business from the commercial perspective, how your organization has identified, assessed, and defined its risk profile and, finally, the degree to which the program devotes appropriate scrutiny and resources to this range of risks. Yet the 2020 Update added a new emphasis that Risk Assessments should not be done not less than annually.
As far back as 1999, in the Metcalf & Eddy enforcement action, the DOJ has said that risk assessments that measure the likelihood and severity of possible FCPA violations should direct your resources to manage these risks. The 2012 FCPA Guidance stated it succinctly when it said, “Assessment of risk is fundamental to developing a strong compliance program and is another factor DOJ and SEC evaluate when assessing a company’s compliance program.
There are a number of ways you can slice and dice your basic inquiry. As with almost all FCPA compliance, it is important that your protocol be well thought out. If you use one, some or all of the above as your basic inquiries for your risk analysis, it should be acceptable for your starting point. 
Three key takeaways:

  1. Since at least 1999, the DOJ has pointed to the risk assessment as the start of an effective compliance program.
  2. The DOJ will now consider both your risk assessment methodology for identifying risks and gathered evidence.
  3. You should base your compliance program on your risk assessment.